mirai | e4a71b65dc6fc1f79b56246d1268f875156f1ff2020a7abe0f4c610f0a43a4e1 | Triage

Sharing

General

Target

b3e89887f91cc437400a0a0652f36386.elf
Size

45KB
Sample

230518-lhl5laac54
MD5

b3e89887f91cc437400a0a0652f36386
SHA1

70f66e8246ea6f2be40132db485fff98093839ea
SHA256

e4a71b65dc6fc1f79b56246d1268f875156f1ff2020a7abe0f4c610f0a43a4e1
SHA512

c31be889c40225dc38df39e6dc039d055d35294f43ab9cad1de3c5d0052508ae154d8ec3a528031edbedbf91c80c29d77e801a61f95766a576c8daec31939459
SSDEEP

768:g/TYCoIxdEk+AxoTZAZHFeq8b3PK9q3UELbUXfi6nVMQHI4vcGpvv:gECFd+A6YHAxHLRQZv

Score

10^/10

mirai lzrd botnet upx

Malware Config

Extracted

Family

mirai

Botnet

LZRD

Targets

- Target
  
  b3e89887f91cc437400a0a0652f36386.elf
- Size
  
  45KB
- MD5
  
  b3e89887f91cc437400a0a0652f36386
- SHA1
  
  70f66e8246ea6f2be40132db485fff98093839ea
- SHA256
  
  e4a71b65dc6fc1f79b56246d1268f875156f1ff2020a7abe0f4c610f0a43a4e1
- SHA512
  
  c31be889c40225dc38df39e6dc039d055d35294f43ab9cad1de3c5d0052508ae154d8ec3a528031edbedbf91c80c29d77e801a61f95766a576c8daec31939459
- SSDEEP
  
  768:g/TYCoIxdEk+AxoTZAZHFeq8b3PK9q3UELbUXfi6nVMQHI4vcGpvv:gECFd+A6YHAxHLRQZv
Score

10^/10

mirai lzrd botnet
- Mirai
  Mirai is a prevalent Linux malware infecting exposed network devices.
  botnet mirai
- Modifies Watchdog functionality
  Malware like Mirai modifies the Watchdog to prevent it restarting an infected system.
- Writes file to system bin folder
behavioral1

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Hijack Execution Flow

Privilege Escalation

Hijack Execution Flow

Defense Evasion

Impair Defenses

Hijack Execution Flow

Credential Access

Discovery

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

mirailzrdbotnet